2 * Firmware I/O code for mac80211 Prism54 drivers
4 * Copyright (c) 2006, Michael Wu <flamingice@sourmilk.net>
5 * Copyright (c) 2007-2009, Christian Lamparter <chunkeey@web.de>
6 * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
9 * - the islsm (softmac prism54) driver, which is:
10 * Copyright 2004-2006 Jean-Baptiste Note <jbnote@gmail.com>, et al.
12 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies).
14 * This program is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License version 2 as
16 * published by the Free Software Foundation.
19 #include <linux/init.h>
20 #include <linux/slab.h>
21 #include <linux/firmware.h>
22 #include <linux/etherdevice.h>
24 #include <net/mac80211.h>
30 int p54_parse_firmware(struct ieee80211_hw *dev, const struct firmware *fw)
32 struct p54_common *priv = dev->priv;
33 struct exp_if *exp_if;
34 struct bootrec *bootrec;
35 u32 *data = (u32 *)fw->data;
36 u32 *end_data = (u32 *)fw->data + (fw->size >> 2);
37 u8 *fw_version = NULL;
45 while (data < end_data && *data)
48 while (data < end_data && !*data)
51 bootrec = (struct bootrec *) data;
53 while (bootrec->data <= end_data && (bootrec->data +
54 (len = le32_to_cpu(bootrec->len))) <= end_data) {
55 u32 code = le32_to_cpu(bootrec->code);
57 case BR_CODE_COMPONENT_ID:
58 priv->fw_interface = be32_to_cpup((__be32 *)
60 switch (priv->fw_interface) {
64 char *iftype = (char *)bootrec->data;
65 printk(KERN_INFO "%s: p54 detected a LM%c%c "
67 wiphy_name(priv->hw->wiphy),
68 iftype[2], iftype[3]);
73 printk(KERN_ERR "%s: unsupported firmware\n",
74 wiphy_name(priv->hw->wiphy));
78 case BR_CODE_COMPONENT_VERSION:
79 /* 24 bytes should be enough for all firmwares */
80 if (strnlen((unsigned char *) bootrec->data, 24) < 24)
81 fw_version = (unsigned char *) bootrec->data;
84 struct bootrec_desc *desc =
85 (struct bootrec_desc *)bootrec->data;
86 priv->rx_start = le32_to_cpu(desc->rx_start);
87 /* FIXME add sanity checking */
88 priv->rx_end = le32_to_cpu(desc->rx_end) - 0x3500;
89 priv->headroom = desc->headroom;
90 priv->tailroom = desc->tailroom;
91 priv->privacy_caps = desc->privacy_caps;
92 priv->rx_keycache_size = desc->rx_keycache_size;
93 if (le32_to_cpu(bootrec->len) == 11)
94 priv->rx_mtu = le16_to_cpu(desc->rx_mtu);
96 priv->rx_mtu = (size_t)
97 0x620 - priv->tx_hdr_len;
98 maxlen = priv->tx_hdr_len + /* USB devices */
99 sizeof(struct p54_rx_data) +
100 4 + /* rx alignment */
101 IEEE80211_MAX_FRAG_THRESHOLD;
102 if (priv->rx_mtu > maxlen && PAGE_SIZE == 4096) {
103 printk(KERN_INFO "p54: rx_mtu reduced from %d "
104 "to %d\n", priv->rx_mtu, maxlen);
105 priv->rx_mtu = maxlen;
109 case BR_CODE_EXPOSED_IF:
110 exp_if = (struct exp_if *) bootrec->data;
111 for (i = 0; i < (len * sizeof(*exp_if) / 4); i++)
112 if (exp_if[i].if_id == cpu_to_le16(IF_ID_LMAC))
113 priv->fw_var = le16_to_cpu(exp_if[i].variant);
115 case BR_CODE_DEPENDENT_IF:
117 case BR_CODE_END_OF_BRA:
118 case LEGACY_BR_CODE_END_OF_BRA:
124 bootrec = (struct bootrec *)&bootrec->data[len];
128 printk(KERN_INFO "%s: FW rev %s - Softmac protocol %x.%x\n",
129 wiphy_name(priv->hw->wiphy), fw_version,
130 priv->fw_var >> 8, priv->fw_var & 0xff);
132 if (priv->fw_var < 0x500)
133 printk(KERN_INFO "%s: you are using an obsolete firmware. "
134 "visit http://wireless.kernel.org/en/users/Drivers/p54 "
135 "and grab one for \"kernel >= 2.6.28\"!\n",
136 wiphy_name(priv->hw->wiphy));
138 if (priv->fw_var >= 0x300) {
139 /* Firmware supports QoS, use it! */
141 if (priv->fw_var >= 0x500) {
142 priv->tx_stats[P54_QUEUE_AC_VO].limit = 16;
143 priv->tx_stats[P54_QUEUE_AC_VI].limit = 16;
144 priv->tx_stats[P54_QUEUE_AC_BE].limit = 16;
145 priv->tx_stats[P54_QUEUE_AC_BK].limit = 16;
147 priv->tx_stats[P54_QUEUE_AC_VO].limit = 3;
148 priv->tx_stats[P54_QUEUE_AC_VI].limit = 4;
149 priv->tx_stats[P54_QUEUE_AC_BE].limit = 3;
150 priv->tx_stats[P54_QUEUE_AC_BK].limit = 2;
152 priv->hw->queues = P54_QUEUE_AC_NUM;
155 printk(KERN_INFO "%s: cryptographic accelerator "
156 "WEP:%s, TKIP:%s, CCMP:%s\n", wiphy_name(priv->hw->wiphy),
157 (priv->privacy_caps & BR_DESC_PRIV_CAP_WEP) ? "YES" :
158 "no", (priv->privacy_caps & (BR_DESC_PRIV_CAP_TKIP |
159 BR_DESC_PRIV_CAP_MICHAEL)) ? "YES" : "no",
160 (priv->privacy_caps & BR_DESC_PRIV_CAP_AESCCMP) ?
163 if (priv->rx_keycache_size) {
167 * The firmware provides at most 255 (0 - 254) slots
168 * for keys which are then used to offload decryption.
169 * As a result the 255 entry (aka 0xff) can be used
170 * safely by the driver to mark keys that didn't fit
171 * into the full cache. This trick saves us from
172 * keeping a extra list for uploaded keys.
175 priv->used_rxkeys = kzalloc(BITS_TO_LONGS(
176 priv->rx_keycache_size), GFP_KERNEL);
178 if (!priv->used_rxkeys)
184 EXPORT_SYMBOL_GPL(p54_parse_firmware);
186 static struct sk_buff *p54_alloc_skb(struct p54_common *priv, u16 hdr_flags,
187 u16 payload_len, u16 type, gfp_t memflags)
191 size_t frame_len = sizeof(*hdr) + payload_len;
193 if (frame_len > P54_MAX_CTRL_FRAME_LEN)
196 if (unlikely(skb_queue_len(&priv->tx_pending) > 64))
199 skb = __dev_alloc_skb(priv->tx_hdr_len + frame_len, memflags);
202 skb_reserve(skb, priv->tx_hdr_len);
204 hdr = (struct p54_hdr *) skb_put(skb, sizeof(*hdr));
205 hdr->flags = cpu_to_le16(hdr_flags);
206 hdr->len = cpu_to_le16(payload_len);
207 hdr->type = cpu_to_le16(type);
208 hdr->tries = hdr->rts_tries = 0;
212 int p54_download_eeprom(struct p54_common *priv, void *buf,
215 struct p54_eeprom_lm86 *eeprom_hdr;
217 size_t eeprom_hdr_size;
220 if (priv->fw_var >= 0x509)
221 eeprom_hdr_size = sizeof(*eeprom_hdr);
223 eeprom_hdr_size = 0x4;
225 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL, eeprom_hdr_size +
226 len, P54_CONTROL_TYPE_EEPROM_READBACK,
231 mutex_lock(&priv->eeprom_mutex);
233 eeprom_hdr = (struct p54_eeprom_lm86 *) skb_put(skb,
234 eeprom_hdr_size + len);
236 if (priv->fw_var < 0x509) {
237 eeprom_hdr->v1.offset = cpu_to_le16(offset);
238 eeprom_hdr->v1.len = cpu_to_le16(len);
240 eeprom_hdr->v2.offset = cpu_to_le32(offset);
241 eeprom_hdr->v2.len = cpu_to_le16(len);
242 eeprom_hdr->v2.magic2 = 0xf;
243 memcpy(eeprom_hdr->v2.magic, (const char *)"LOCK", 4);
248 if (!wait_for_completion_interruptible_timeout(
249 &priv->eeprom_comp, HZ)) {
250 printk(KERN_ERR "%s: device does not respond!\n",
251 wiphy_name(priv->hw->wiphy));
255 mutex_unlock(&priv->eeprom_mutex);
259 int p54_update_beacon_tim(struct p54_common *priv, u16 aid, bool set)
264 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*tim),
265 P54_CONTROL_TYPE_TIM, GFP_ATOMIC);
269 tim = (struct p54_tim *) skb_put(skb, sizeof(*tim));
271 tim->entry[0] = cpu_to_le16(set ? (aid | 0x8000) : aid);
276 int p54_sta_unlock(struct p54_common *priv, u8 *addr)
279 struct p54_sta_unlock *sta;
281 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*sta),
282 P54_CONTROL_TYPE_PSM_STA_UNLOCK, GFP_ATOMIC);
286 sta = (struct p54_sta_unlock *)skb_put(skb, sizeof(*sta));
287 memcpy(sta->addr, addr, ETH_ALEN);
292 int p54_tx_cancel(struct p54_common *priv, __le32 req_id)
295 struct p54_txcancel *cancel;
296 u32 _req_id = le32_to_cpu(req_id);
298 if (unlikely(_req_id < priv->rx_start || _req_id > priv->rx_end))
301 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*cancel),
302 P54_CONTROL_TYPE_TXCANCEL, GFP_ATOMIC);
306 cancel = (struct p54_txcancel *)skb_put(skb, sizeof(*cancel));
307 cancel->req_id = req_id;
312 int p54_setup_mac(struct p54_common *priv)
315 struct p54_setup_mac *setup;
318 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*setup),
319 P54_CONTROL_TYPE_SETUP, GFP_ATOMIC);
323 setup = (struct p54_setup_mac *) skb_put(skb, sizeof(*setup));
324 if (!(priv->hw->conf.flags & IEEE80211_CONF_IDLE)) {
325 switch (priv->mode) {
326 case NL80211_IFTYPE_STATION:
327 mode = P54_FILTER_TYPE_STATION;
329 case NL80211_IFTYPE_AP:
330 mode = P54_FILTER_TYPE_AP;
332 case NL80211_IFTYPE_ADHOC:
333 case NL80211_IFTYPE_MESH_POINT:
334 mode = P54_FILTER_TYPE_IBSS;
336 case NL80211_IFTYPE_MONITOR:
337 mode = P54_FILTER_TYPE_PROMISCUOUS;
340 mode = P54_FILTER_TYPE_HIBERNATE;
345 * "TRANSPARENT and PROMISCUOUS are mutually exclusive"
346 * STSW45X0C LMAC API - page 12
348 if (((priv->filter_flags & FIF_PROMISC_IN_BSS) ||
349 (priv->filter_flags & FIF_OTHER_BSS)) &&
350 (mode != P54_FILTER_TYPE_PROMISCUOUS))
351 mode |= P54_FILTER_TYPE_TRANSPARENT;
353 mode = P54_FILTER_TYPE_HIBERNATE;
356 setup->mac_mode = cpu_to_le16(mode);
357 memcpy(setup->mac_addr, priv->mac_addr, ETH_ALEN);
358 memcpy(setup->bssid, priv->bssid, ETH_ALEN);
359 setup->rx_antenna = 2 & priv->rx_diversity_mask; /* automatic */
361 if (priv->fw_var < 0x500) {
362 setup->v1.basic_rate_mask = cpu_to_le32(priv->basic_rate_mask);
363 memset(setup->v1.rts_rates, 0, 8);
364 setup->v1.rx_addr = cpu_to_le32(priv->rx_end);
365 setup->v1.max_rx = cpu_to_le16(priv->rx_mtu);
366 setup->v1.rxhw = cpu_to_le16(priv->rxhw);
367 setup->v1.wakeup_timer = cpu_to_le16(priv->wakeup_timer);
368 setup->v1.unalloc0 = cpu_to_le16(0);
370 setup->v2.rx_addr = cpu_to_le32(priv->rx_end);
371 setup->v2.max_rx = cpu_to_le16(priv->rx_mtu);
372 setup->v2.rxhw = cpu_to_le16(priv->rxhw);
373 setup->v2.timer = cpu_to_le16(priv->wakeup_timer);
374 setup->v2.truncate = cpu_to_le16(48896);
375 setup->v2.basic_rate_mask = cpu_to_le32(priv->basic_rate_mask);
376 setup->v2.sbss_offset = 0;
377 setup->v2.mcast_window = 0;
378 setup->v2.rx_rssi_threshold = 0;
379 setup->v2.rx_ed_threshold = 0;
380 setup->v2.ref_clock = cpu_to_le32(644245094);
381 setup->v2.lpf_bandwidth = cpu_to_le16(65535);
382 setup->v2.osc_start_delay = cpu_to_le16(65535);
388 int p54_scan(struct p54_common *priv, u16 mode, u16 dwell)
392 struct p54_scan_head *head;
393 struct p54_iq_autocal_entry *iq_autocal;
394 union p54_scan_body_union *body;
395 struct p54_scan_tail_rate *rate;
396 struct pda_rssi_cal_entry *rssi;
399 int band = priv->hw->conf.channel->band;
400 __le16 freq = cpu_to_le16(priv->hw->conf.channel->center_freq);
402 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*head) +
403 2 + sizeof(*iq_autocal) + sizeof(*body) +
404 sizeof(*rate) + 2 * sizeof(*rssi),
405 P54_CONTROL_TYPE_SCAN, GFP_ATOMIC);
409 head = (struct p54_scan_head *) skb_put(skb, sizeof(*head));
410 memset(head->scan_params, 0, sizeof(head->scan_params));
411 head->mode = cpu_to_le16(mode);
412 head->dwell = cpu_to_le16(dwell);
415 if (priv->rxhw == PDR_SYNTH_FRONTEND_LONGBOW) {
416 __le16 *pa_power_points = (__le16 *) skb_put(skb, 2);
417 *pa_power_points = cpu_to_le16(0x0c);
420 iq_autocal = (void *) skb_put(skb, sizeof(*iq_autocal));
421 for (i = 0; i < priv->iq_autocal_len; i++) {
422 if (priv->iq_autocal[i].freq != freq)
425 memcpy(iq_autocal, &priv->iq_autocal[i].params,
426 sizeof(struct p54_iq_autocal_entry));
429 if (i == priv->iq_autocal_len)
432 if (priv->rxhw == PDR_SYNTH_FRONTEND_LONGBOW)
433 body = (void *) skb_put(skb, sizeof(body->longbow));
435 body = (void *) skb_put(skb, sizeof(body->normal));
437 for (i = 0; i < priv->output_limit->entries; i++) {
438 __le16 *entry_freq = (void *) (priv->output_limit->data +
439 priv->output_limit->entry_size * i);
441 if (*entry_freq != freq)
444 if (priv->rxhw == PDR_SYNTH_FRONTEND_LONGBOW) {
445 memcpy(&body->longbow.power_limits,
446 (void *) entry_freq + sizeof(__le16),
447 priv->output_limit->entry_size);
449 struct pda_channel_output_limit *limits =
452 body->normal.val_barker = 0x38;
453 body->normal.val_bpsk = body->normal.dup_bpsk =
455 body->normal.val_qpsk = body->normal.dup_qpsk =
457 body->normal.val_16qam = body->normal.dup_16qam =
459 body->normal.val_64qam = body->normal.dup_64qam =
464 if (i == priv->output_limit->entries)
467 entry = (void *)(priv->curve_data->data + priv->curve_data->offset);
468 for (i = 0; i < priv->curve_data->entries; i++) {
469 if (*((__le16 *)entry) != freq) {
470 entry += priv->curve_data->entry_size;
474 if (priv->rxhw == PDR_SYNTH_FRONTEND_LONGBOW) {
475 memcpy(&body->longbow.curve_data,
476 (void *) entry + sizeof(__le16),
477 priv->curve_data->entry_size);
479 struct p54_scan_body *chan = &body->normal;
480 struct pda_pa_curve_data *curve_data =
481 (void *) priv->curve_data->data;
483 entry += sizeof(__le16);
484 chan->pa_points_per_curve = 8;
485 memset(chan->curve_data, 0, sizeof(*chan->curve_data));
486 memcpy(chan->curve_data, entry,
487 sizeof(struct p54_pa_curve_data_sample) *
488 min((u8)8, curve_data->points_per_channel));
492 if (i == priv->curve_data->entries)
495 if ((priv->fw_var >= 0x500) && (priv->fw_var < 0x509)) {
496 rate = (void *) skb_put(skb, sizeof(*rate));
497 rate->basic_rate_mask = cpu_to_le32(priv->basic_rate_mask);
498 for (i = 0; i < sizeof(rate->rts_rates); i++)
499 rate->rts_rates[i] = i;
502 rssi = (struct pda_rssi_cal_entry *) skb_put(skb, sizeof(*rssi));
503 rssi->mul = cpu_to_le16(priv->rssical_db[band].mul);
504 rssi->add = cpu_to_le16(priv->rssical_db[band].add);
505 if (priv->rxhw == PDR_SYNTH_FRONTEND_LONGBOW) {
506 /* Longbow frontend needs ever more */
507 rssi = (void *) skb_put(skb, sizeof(*rssi));
508 rssi->mul = cpu_to_le16(priv->rssical_db[band].longbow_unkn);
509 rssi->add = cpu_to_le16(priv->rssical_db[band].longbow_unk2);
512 if (priv->fw_var >= 0x509) {
513 rate = (void *) skb_put(skb, sizeof(*rate));
514 rate->basic_rate_mask = cpu_to_le32(priv->basic_rate_mask);
515 for (i = 0; i < sizeof(rate->rts_rates); i++)
516 rate->rts_rates[i] = i;
519 hdr = (struct p54_hdr *) skb->data;
520 hdr->len = cpu_to_le16(skb->len - sizeof(*hdr));
526 printk(KERN_ERR "%s: frequency change to channel %d failed.\n",
527 wiphy_name(priv->hw->wiphy), ieee80211_frequency_to_channel(
528 priv->hw->conf.channel->center_freq));
530 dev_kfree_skb_any(skb);
534 int p54_set_leds(struct p54_common *priv)
539 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*led),
540 P54_CONTROL_TYPE_LED, GFP_ATOMIC);
544 led = (struct p54_led *) skb_put(skb, sizeof(*led));
545 led->flags = cpu_to_le16(0x0003);
546 led->mask[0] = led->mask[1] = cpu_to_le16(priv->softled_state);
547 led->delay[0] = cpu_to_le16(1);
548 led->delay[1] = cpu_to_le16(0);
553 int p54_set_edcf(struct p54_common *priv)
556 struct p54_edcf *edcf;
558 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*edcf),
559 P54_CONTROL_TYPE_DCFINIT, GFP_ATOMIC);
563 edcf = (struct p54_edcf *)skb_put(skb, sizeof(*edcf));
564 if (priv->use_short_slot) {
573 /* (see prism54/isl_oid.h for further details) */
574 edcf->frameburst = cpu_to_le16(0);
575 edcf->round_trip_delay = cpu_to_le16(0);
577 memset(edcf->mapping, 0, sizeof(edcf->mapping));
578 memcpy(edcf->queue, priv->qos_params, sizeof(edcf->queue));
583 int p54_set_ps(struct p54_common *priv)
590 if (priv->hw->conf.flags & IEEE80211_CONF_PS &&
591 !priv->powersave_override)
592 mode = P54_PSM | P54_PSM_BEACON_TIMEOUT | P54_PSM_DTIM |
593 P54_PSM_CHECKSUM | P54_PSM_MCBC;
597 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*psm),
598 P54_CONTROL_TYPE_PSM, GFP_ATOMIC);
602 psm = (struct p54_psm *)skb_put(skb, sizeof(*psm));
603 psm->mode = cpu_to_le16(mode);
604 psm->aid = cpu_to_le16(priv->aid);
605 for (i = 0; i < ARRAY_SIZE(psm->intervals); i++) {
606 psm->intervals[i].interval =
607 cpu_to_le16(priv->hw->conf.listen_interval);
608 psm->intervals[i].periods = cpu_to_le16(1);
611 psm->beacon_rssi_skip_max = 200;
612 psm->rssi_delta_threshold = 0;
614 psm->exclude[0] = WLAN_EID_TIM;
620 int p54_init_xbow_synth(struct p54_common *priv)
623 struct p54_xbow_synth *xbow;
625 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*xbow),
626 P54_CONTROL_TYPE_XBOW_SYNTH_CFG, GFP_KERNEL);
630 xbow = (struct p54_xbow_synth *)skb_put(skb, sizeof(*xbow));
631 xbow->magic1 = cpu_to_le16(0x1);
632 xbow->magic2 = cpu_to_le16(0x2);
633 xbow->freq = cpu_to_le16(5390);
634 memset(xbow->padding, 0, sizeof(xbow->padding));
639 int p54_upload_key(struct p54_common *priv, u8 algo, int slot, u8 idx, u8 len,
643 struct p54_keycache *rxkey;
645 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*rxkey),
646 P54_CONTROL_TYPE_RX_KEYCACHE, GFP_KERNEL);
650 rxkey = (struct p54_keycache *)skb_put(skb, sizeof(*rxkey));
653 rxkey->key_type = algo;
655 memcpy(rxkey->mac, addr, ETH_ALEN);
657 memset(rxkey->mac, ~0, ETH_ALEN);
661 case P54_CRYPTO_AESCCMP:
662 rxkey->key_len = min_t(u8, 16, len);
663 memcpy(rxkey->key, key, rxkey->key_len);
666 case P54_CRYPTO_TKIPMICHAEL:
668 memcpy(rxkey->key, key, 16);
669 memcpy(&(rxkey->key[16]), &(key
670 [NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY]), 8);
673 case P54_CRYPTO_NONE:
675 memset(rxkey->key, 0, sizeof(rxkey->key));
679 printk(KERN_ERR "%s: invalid cryptographic algorithm: %d\n",
680 wiphy_name(priv->hw->wiphy), algo);
689 int p54_fetch_statistics(struct p54_common *priv)
691 struct ieee80211_tx_info *txinfo;
692 struct p54_tx_info *p54info;
695 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL,
696 sizeof(struct p54_statistics),
697 P54_CONTROL_TYPE_STAT_READBACK, GFP_KERNEL);
702 * The statistic feedback causes some extra headaches here, if it
703 * is not to crash/corrupt the firmware data structures.
705 * Unlike all other Control Get OIDs we can not use helpers like
706 * skb_put to reserve the space for the data we're requesting.
707 * Instead the extra frame length -which will hold the results later-
708 * will only be told to the p54_assign_address, so that following
709 * frames won't be placed into the allegedly empty area.
711 txinfo = IEEE80211_SKB_CB(skb);
712 p54info = (void *) txinfo->rate_driver_data;
713 p54info->extra_len = sizeof(struct p54_statistics);
git.samba.org / sfrench / cifs-2.6.git / blob